X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/ec371adab1109b338a3de473298b41140ec5017e..c18b85451625ff5b7ba8940c43f6703cc3b795d3:/doc/setup/byhand/discussion.mdwn diff --git a/doc/setup/byhand/discussion.mdwn b/doc/setup/byhand/discussion.mdwn index 6fc931ad3..deb79a8db 100644 --- a/doc/setup/byhand/discussion.mdwn +++ b/doc/setup/byhand/discussion.mdwn @@ -18,3 +18,5 @@ One possible thing is security: Is it just a precaution or would anyone with "wr > to commit directly to the VCS, would be able to replace it. That breaks ikiwiki's > security model, because replacing the setup file is sufficient to achieve > arbitrary code execution as the user running the CGI and VCS hooks. --[[smcv]] + +>> Thanks. After all found it here: [[security]]. Now I wonder if I always use a file from the master branch, while limiting users to staging, it might fly...